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REMARKS/ARGUMENTS 

Prior to the entry of this Amendment, claims 1, 7, 9-14, 16, 20-25, 27, 31-36, 38, 
39, 41-44, 46-49, and 51-57 were pending in this application. Claims 1, 9, 16, 21, 27, and 32 
have been amended, claims 38, 39, 41-44, 46-49, 51, and 52 have been canceled, and no claims 
have been added herein. Therefore, claims 1, 7, 9-14, 16, 20-25, 27, 31-36, and 53-57 are now 
pending in this application. Support for these amendments can be found, for example, in FIG. 20 
and the related description beginning at page 46 of the pending application. Applicants request 
reconsideration of these claims for at least the reasons presented below. 

35 U.S.C. S 103 Rejection, Hardy in view of Fox 

The Office Action has rejected claims 1, 7, 9-14, 16, 20-25, 27, 31-36, 38, 39, 41- 
44, 46-49, and 51-57 under 35 U.S.C. § 103(a) as being unpatentable over U.S. Patent No. 
6,073,242 to Hardy et al. (hereinafter "Hardy"), and further in view of U.S. Patent Pub. No. 
2005/0138363 of Fox et al. (hereinafter "Fox"). The Applicants respectfully submit that the 
Office Action does not establish a prima facie case of obviousness in rejecting these claims, as 
amended. Therefore, the Applicants request reconsideration and withdrawal of the rejection. 

In order to establish a prima facie case of obviousness, all claimed limitations 
must first be taught or suggested by the prior art. See, e.g., DyStar Textilfarben GmbH & Co. 
Deutschland KG v. C.H. Patrick Co., 464 F.3d 1356, 1360 (Fed. Cir. 2006). The Office Action 
must then provide an explicit analysis supporting the rejection. See KSR Int'l Co. v. Teleflex Inc., 
Ill S. Ct. 1727, 1741 (2007) ("a patent composed of several elements is not proved obvious 
merely by demonstrating that each of its elements was, independently, known in the prior art"). 
While the Office Action can use one of several exemplary rationales from the MPEP to support 
an obviousness rejection under KSR, all the rationales still require the Office Action to 
demonstrate that all the claim elements are shown in the prior art. See MPEP §2143. As will be 
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discussed below, the references cited by the Office Action do not teach or suggest each claimed 
limitation. 

As discussed previously, Hardy is directed to "an authority server that supports 
the implementation of role-based enterprise policies for expressing and exercising authority and 
the projection and transfer of those authorities over networks of communicating electronic 
systems." (Col. 3, line 23-27) Under Hardy, "the authority server exclusively embodies the 
authorities of the enterprise and allows its users to indirectly wield those authorities only as 
permitted by enterprise policies." (Col. 3, lines 28-31) That is, Hardy describes issuing 
representations of authority based on application of enterprise policies. See generally col. 3, line 
23 -col. 4, line 51. 

However and as noted previously, Hardy fails to teach or suggest a first workflow 
which calls for obtaining an approval before performing a certificate related action for users 
having a first user type and a second workflow which does not call for obtaining an approval 
before performing a certificate related action for users having a second user type. Hardy also 
fails to teach or suggest such an entity identified in a user profile for the user. Hardy does not 
teach or suggest one of the workflows requiring approval for a certificate action while another 
does not. That is, Hardy does not teach or suggest selecting workflows that handle certificate 
related requests differently, i.e., requiring or not requiring approval from an entity associated 
with a requesting user, based on the type of user requesting the action. Rather, Hardy describes 
issuing representations of authority based on a set of enterprise policies but without mentioning 
obtaining approval from an entity associated with the requestor, identified in an identity profile 
for the requestor or otherwise. 

Further still, Hardy does not teach or suggest selecting between workflows for 
performing such certificate related actions based on a domain to which a user may belong, an 
action requested and a user type from an identity profile that is identified in the request for the 
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certificate related action. In other words, Hardy does not teach or suggest determining from a 
plurality of domains a domain that includes a user, determining from the plurality of workflows, 
one or more workflows associated with the domain and capable of performing the certificate 
related action, retrieving from the one or more workflows associated with the domain a first 
workflow for responding to the request, wherein retrieving the first workflow comprises 
selecting the first workflow from the one or more workflows associated with the domain based 
on the first certificate related action and a user type of the first user from a set of characteristics 
for the first user from an identity profile for the first user maintained by the Identity System and 
indicated in the request for the certificate related action as recited in the pending claims. 

Fox is directed to "a method and system for using a certificate authority to first 
provide a customer with a digital certificate, and then having a relying third party who receives 
that digital certificate from the customer access a status authority (the certificate authority or a 
designated agent of the certificate authority) to receive a second, reissued digital certificate on 
the first digital certificate or its public key." (paragraph 7) However, Fox does not teach or 
suggest, alone or in combination with Hardy, determining from a plurality of domains a domain 
that includes a user, determining from the plurality of workflows, one or more workflows 
associated with the domain and capable of performing the certificate related action, retrieving 
from the one or more workflows associated with the domain a first workflow for responding to 
the request, wherein retrieving the first workflow comprises selecting the first workflow from the 
one or more workflows associated with the domain based on the first certificate related action 
and a user type of the first user from a set of characteristics for the first user from an identity 
profile for the first user maintained by the Identity System and indicated in the request for the 
certificate related action. Rather, Fox like Hardy seems to be silent with regard to selection of 
workflows based on a domain to which user belongs. 

Claim 1, upon which claims 2-15, 54, and 55 depend, claim 16, upon which 
claims 17-26 and 56 depend, and claim 27, upon which claims 28-37 and 57 depend, each recite 
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in part "associating each workflow of a plurality of workflows with a corresponding domain of a 
plurality of domains in an Identity System, each domain of said plurality of domains comprising 
one or more entities and each workflow of said plurality of workflows using a different 
predefined set of steps to perform a certificate related action wherein each workflow in said 
plurality of workflows corresponds to a different set of characteristics for a user, wherein the first 
workflow contains a first set of steps and a second workflow in said plurality of workflows 
contains a second set of steps, wherein said first set of steps is different from said second set of 
steps, wherein said first workflow calls for obtaining an approval before performing a certificate 
related action for users having a first user type, and wherein said second workflow does not call 
for obtaining an approval before performing a certificate related action for users having a second 
user type; receiving at the Identity System a request for a first certificate related action for a first 
user wherein the first certificate related action is selected from a group consisting of a certificate 
enrollment action, a certificate renewal action, and a certificate revocation action; determining 
from said plurality of domains a domain that includes said user; determining from said plurality 
of workflows, one or more workflows associated with said domain and capable of performing 
said certificate related action; retrieving by the Identity System from said one or more workflows 
associated with said domain a first workflow for responding to said request, wherein retrieving 
the first workflow comprises selecting the first workflow from the one or more workflows 
associated with said domain based on the first certificate related action and a user type of the first 
user from a set of characteristics for the first user from an identity profile for the first user 
maintained by the Identity System being the first user type and wherein the request includes an 
identification of said identity profile for the first user; [and] performing said first workflow, 
wherein performing said first workflow comprises executing said predefined set of steps of said 
first workflow to perform said certificate related action including retrieving an approval response 
from an entity associated with the first user and identified in the identity profile for the first user 
and obtaining a certificate and a real time status for the certificate from a certificate authority 
based on the approval response." Hardy and Fox do not teach or suggest, alone or in 
combination, determining from a plurality of domains a domain that includes a user, determining 
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from the plurality of workflows, one or more workflows associated with the domain and capable 
of performing the certificate related action, retrieving from the one or more workflows associated 
with the domain a first workflow for responding to the request, wherein retrieving the first 
workflow comprises selecting the first workflow from the one or more workflows associated 
with the domain based on the first certificate related action and a user type of the first user from 
a set of characteristics for the first user from an identity profile for the first user maintained by 
the Identity System and indicated in the request for the certificate related action. For at least 
these reasons, the Applicants respectfully request withdrawal of the rejection. 



CONCLUSION 



In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance and an action to that end is respectfully requested. 



If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 



Respectfully submitted, 



/William J. Daley/ 
William J. Daley 
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